After the EU-U.S. Privacy Shield was rendered invalid by the Court of Justice of the European Union (CJEU) in July 2020, and following a prior challenge to the U.S.-EU Safe Harbor, many businesses operating on both sides of the pond scrambled to find other ways to protect data flows between the EU and U.S. that

Tracy P. Marshall
Partner at Keller and Heckman LLP
Washington, DC
WW International to Pay $1.5 Million Civil Penalty for Alleged COPPA Violations
In 2014, with childhood obesity on the rise in the United States, tech company Kurbo, Ltd. (Kurbo) marketed a free app for kids that, according to the company, was “designed to help kids and teens ages 8-17 reach a healthier weight.” When WW International (WW) (formerly Weight Watchers) acquired Kurbo in 2018, the app was…
Fashion Nova Settles with FTC for $4.2 Million Over Charges it Omitted Negative Reviews
You might think that paying more than $9 million to settle charges of violating the Federal Trade Commission’s (FTC) Mail Order Rule would have spurred clothing retailer Fashion Nova, LLC to review its consumer protection compliance posture. But for the second time in two years, Fashion Nova has found itself in trouble with the FTC,…
Legislators Ask COPPA Safe Harbor Organizations for Information
Children’s Online Privacy Protection Act (COPPA) enforcement actions closed out 2021 (see our blog post) and children’s online privacy remains a hot topic in Congress in 2022. After a series of articles by The Wall Street Journal last September uncovered Instagram’s own research on possible harms to teenagers from social media engagement, members of the…
Major COPPA Settlements Close Out 2021
Two important settlements involving alleged violations of the Children’s Online Privacy Protection Act (COPPA) were announced in December 2021. Actions by both federal and state regulators reinforce that COPPA remains on the regulatory radar screen, particularly when it comes to ad tech. Efforts to more broadly limit programmatic advertising are also underway.
FTC and OpenX…
The State of State Privacy Laws: A Comparison
In the absence of a comprehensive U.S. federal privacy law, three states – California, Virginia, and Colorado – have enacted comprehensive privacy laws as of this year. The California Consumer Privacy Act (CCPA) is in effect now, and the California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), and Colorado Privacy Act (CPA) …
FTC Takes Aim at Negative Option Marketing with New Enforcement Policy Statement
“Dark patterns” – user interfaces that are designed, intentionally or unintentionally, to influence user decision making – have been increasingly on the Federal Trade Commission’s (FTC or Commission) radar. As we previously reported, the FTC held a workshop earlier this year to examine, among other things, how dark patterns affect online user behavior and…
California Privacy Protection Agency Seeks Comments on New CCPA Regulations
The newly established California Privacy Protection Agency (the Agency) is soliciting public comments on a number of issues, as required by the California Privacy Rights Act (CPRA) that was passed by ballot initiative in November 2020. CPRA expands the rights afforded to California residents and the obligations imposed on businesses under the California Consumer Privacy…
FTC Resurrects Penalty Offense Authority as Possible Civil Penalty Vehicle
Following the U.S. Supreme Court’s April 22, 2021 decision in AMG Capital Management, LLC v. Federal Trade Commission, which put the brakes on the ability of the Federal Trade Commission (FTC or Commission) to use its Section 13(b) authority to seek monetary penalties for violations of the FTC Act, the Commission has sought another…
NIST Lays Out Cybersecurity Guidance for Non-Technical Supporting Capabilities Related to IoT Devices
With millions of Internet of Things (IoT) devices from phones to smart home censors flooding the market every year, effective cybersecurity to help mitigate risks to devices is vital. New guidance from The National Institute of Standards and Technology (NIST), IoT Non-Technical Supporting Capability Core Baseline (NISTIR 8259B), is intended to help manufacturers identify the…